“Weak” implementation of AES-CTR?

2018-10-23 12:16:53

Assume an instantiation of AES-CTR like in the following picture:

Some details on the input-values for keystream generation:

COUNT: a 32-bit value associated with the transmission mode

IV#1: a 5-bit value that can be assumed constant for a specified transmission

IV#2: a 1-bit value indicating the direction of the transmission

incr: a 64-bit value initialized to 0 and then incremented per standard $\bmod 2^{64}$ increment function.

Assume that all those input values are not difficult to identify/guess as they are required to establish correct transmission and synchronization between the two communicating parties. Is this a weak AES-CTR implementation, assuming one can obtain pairs of keystreams/input-values?

I guess we can say this implementation is malleable as any AES-CTR without authentication steps. Any other weaknesses?